如何使用新的 AWS GO SDK-V2 代入角色以进行跨账户访问
[英]How to assume role with the new AWS GO SDK-V2 for cross account access
问题描述
Following the GO SDK-v2 RC last Dec.24th, I have no idea how to create a config to assume a role in a different aws account.
继去年 12 月 24 日的 GO SDK-v2 RC 之后,我不知道如何创建配置以在不同的 aws 帐户中担任角色。 I couldn't find any doc or example and tried with the 'config.WithAssumeRoleCredentialsOptions' or with the 'stscreds.NewAssumeRoleProvider' without any result.我找不到任何文档或示例,并尝试使用“config.WithAssumeRoleCredentialsOptions”或“stscreds.NewAssumeRoleProvider”,但没有任何结果。 Does anyone have an example or pointers for this?有没有人有这方面的例子或指示?
1 个解决方案
解决方案1
1 2021-01-05 20:50:39
Here's the way to do it:这是执行此操作的方法:
ctx := context.TODO()
cfg, err := config.LoadDefaultConfig(ctx,
config.WithRegion("us-east-1"),
//config.WithClientLogMode(aws.LogSigning),
)
if err != nil {
log.Fatal(err)
}
stsClient := sts.NewFromConfig(cfg)
provider := stscreds.NewAssumeRoleProvider(stsClient, roleARN)
cfg.Credentials = aws.NewCredentialsCache(provider)
// without the following, I'm getting an error message: api error SignatureDoesNotMatch: The request signature we calculated does not match the signature you provided.
creds, err := cfg.Credentials.Retrieve(context.Background())
if err != nil {
log.Fatal(err)
}
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.